149 matches found
CVE-2026-35169
CVE-2026-35169 – LORIS help_editor XSS risk Affected software: LORIS (Longitudinal Online Research and Imaging System) self-hosted web application. Vulnerability: The help_editor module failed to properly sanitize certain user-supplied variables, enabling a reflected cross-site scripting (XSS) at...
CVE-2026-35165 LORIS has incorrect access checks in document_repository
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...
CVE-2026-35165
CVE-2026-35165 affects LORIS (Longitudinal Online Research and Imaging System). From 21.0.0 up to just before 27.0.3 and 28.0.1, the document_repository frontend enforced access controls while the backend endpoint failed to verify permissions, allowing a user to potentially download a file they s...
CVE-2026-35165 LORIS has incorrect access checks in document_repository
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...
CVE-2026-34985 LORIS has incorrect access checks in media module
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 16.1.0 to before 27.0.3 and 28.0.1, While the frontend of the media module filters files that the user should not have access to, the...
CVE-2026-34985 LORIS has incorrect access checks in media module
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 16.1.0 to before 27.0.3 and 28.0.1, While the frontend of the media module filters files that the user should not have access to, the...
CVE-2026-34985
LORIS (Longitudinal Online Research and Imaging System) has an access-control flaw in the media module: from 16.1.0 up to just before 27.0.3 and 28.0.1, the frontend filters access-restricted files but the backend did not enforce access checks, allowing unauthorized users to access a file if the ...
CVE-2026-34985 LORIS has incorrect access checks in media module
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 16.1.0 to before 27.0.3 and 28.0.1, While the frontend of the media module filters files that the user should not have access to, the...
EUVD-2026-20557
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attacker to traverse outside of the intended directory...
CVE-2026-34392 LORIS has a path traversal in static router
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attacker to traverse outside of the intended directory...
CVE-2026-34392 LORIS has a path traversal in static router
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attacker to traverse outside of the intended directory...
CVE-2026-34392
CVE-2026-34392 affects LORIS (Longitudinal Online Research and Imaging System). A bug in the static file router from 20.0.0 up to before 27.0.3 and 28.0.1 allows path traversal to escape the intended directory, enabling unintended files to be downloaded via the static, css, and js endpoints. Fixe...
CVE-2026-33350 LORIS has a SQL injection in MRI feedback popup
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for the MRI feedback popup window of the imaging...
CVE-2026-33350 LORIS has a SQL injection in MRI feedback popup
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for the MRI feedback popup window of the imaging...
CVE-2026-33350
Product: LORIS (Longitudinal Online Research and Imaging System). Issue: SQL injection in the MRI feedback popup window of the imaging browser. Root cause: Vulnerable code sections allowed SQL ingestion prior to certain releases. Versions affected: before 27.0.3 and 28.0.1. Impact: Attackers coul...
LORIS Neuroimaging Platform 安全漏洞
LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform from 24.0.0 to 27.0.3, as well as versions before 28.0.1, have security vulnerabilities. These vulnerabilities stem from incorrect operation sequences in the FilesDownloadHandler...
LORIS Neuroimaging Platform 安全漏洞
LORIS Neuroimaging Platform is a neuroimaging platform open source developed by ACElab. Versions of LORIS Neuroimaging Platform from 21.0.0 to 27.0.3, as well as versions before 28.0.1, have security vulnerabilities. These vulnerabilities stem from the backend endpoints not properly verifying...
LORIS Neuroimaging Platform SQL注入漏洞
LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform prior to 27.0.3 and 28.0.1 contained a SQL injection vulnerability. This vulnerability stems from SQL injections in the MRI feedback pop-up window of the imaging browser, which...
LORIS Neuroimaging Platform 安全漏洞
LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform prior to 27.0.3 and 28.0.1 contained security vulnerabilities. These vulnerabilities stemmed from lack of access checks in the media module backend, which could allow unauthorize...
LORIS Neuroimaging Platform 后置链接漏洞
LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform from 20.0.0 to 27.0.3, as well as versions before 28.0.1, had a postback link vulnerability. This vulnerability stemmed from an error in the endpoint of the publication module,...